G
Gary Karasik
Hi,
I hope this is the correct place to post this:
I have several clients with SBS2003 networks consisting of XP/SP1 clients.
All of the XP clients are showing lots of Failure Audits in the Security
Event logs. They are all similar to the following, although some specify
LSASS, some SPOOLSV, some SVCHOST. EventID.NET suggests turning off the
Firewall Service, but turning the Firewall Service off causes the Computer
Browser Service to shut down, so that's not a happy option.
I tried adding LSASS and SPOOLSV to the Exception list, but that didn't stop
the failure audits.
Can anyone tell me hot to fix this?
GaryK
---------------------------------------------------------
Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Date: 2/2/2005
Time: 8:46:17 PM
User: NT AUTHORITY\SYSTEM
Computer: JOSHUA
Description:
The Windows Firewall has detected an application listening for incoming
traffic.
Name: -
Path: C:\WINDOWS\SYSTEM32\lsass.exe
Process identifier: 688
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 3794
Allowed: No
User notified: No
I hope this is the correct place to post this:
I have several clients with SBS2003 networks consisting of XP/SP1 clients.
All of the XP clients are showing lots of Failure Audits in the Security
Event logs. They are all similar to the following, although some specify
LSASS, some SPOOLSV, some SVCHOST. EventID.NET suggests turning off the
Firewall Service, but turning the Firewall Service off causes the Computer
Browser Service to shut down, so that's not a happy option.
I tried adding LSASS and SPOOLSV to the Exception list, but that didn't stop
the failure audits.
Can anyone tell me hot to fix this?
GaryK
---------------------------------------------------------
Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Date: 2/2/2005
Time: 8:46:17 PM
User: NT AUTHORITY\SYSTEM
Computer: JOSHUA
Description:
The Windows Firewall has detected an application listening for incoming
traffic.
Name: -
Path: C:\WINDOWS\SYSTEM32\lsass.exe
Process identifier: 688
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 3794
Allowed: No
User notified: No